Red Hat CERTIFICATE SYSTEM 8 Install Manual page 77

CryptoArc4() success
CryptoEcdh() success
CryptoEcdsa() success
CryptoEcmqv() success
CryptoPkcs1Enc() success
CryptoPkcs1Sig() success
CryptoRsaEnc() success
CryptoRsaSig() success
CryptoSha1() success
Slot info for Slot 0
Desc: FIPS Generic Crypto Services V1.0.1d
manufacturerID:
flags:
hardwareVersion: 1.0
...
10. Edit the pkiuser's home directory so that every file is owned by pkiuser.
cd /usr/share/pki; chown -R pkiuser:pkiuser pkiuser
11. List the Certicom ECC module to make sure it has been properly loaded. The module is in security
databases in the subsystem's alias directory. For example:
modutil -dbdir /var/lib/pki-ca/alias -list certicom
12. Add the password for the ECC token to the subsystem's password file. Escape any spaces or
special characters in the name. For example:
vim /etc/pki-ca/password.conf
hardware-Certicom\ FIPS\ Cert/Key\ Services=secret
The hardware- prefix is required.
13. Edit the CA configuration and add a line to require signature verification. In this file, spaces and
special characters do not need to be escaped. For example:
ca.requestVerify.token=Certicom FIPS Cert/Key Services
14. Edit file dtomcat5-instance file for the subsystem in the /usr/bin directory, and add a line to
use the ECC module.
umask 00002
NSS_USE_DECODED_CKA_EC_POINT=1
export NSS_USE_DECODED_CKA_EC_POINT
15. Start the CA.
CryptoAes() success
CryptoDes() success
CryptoDh() success
CryptoDsa() success
Token() samples starting
Certicom Corp.
0x1
CKF_TOKEN_PRESENT
Loading the Certicom ECC Module
67